VYPR

Vendor CVEs

Janobe

All CVEs

155 total · sorted by risk
  • CVE-2023-5278 · Sep 29, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack…

  • CVE-2023-5277 · Sep 29, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be…

  • CVE-2023-5276 · Sep 29, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. This vulnerability affects unknown code of the file downloadable_student.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The…

  • CVE-2023-3059 · Jun 2, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack…

  • CVE-2023-27241 · Mar 27, 2023
    risk 0.00 · cvss · epss 0.00

    SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the lastname text box under the Add Client module.

  • CVE-2023-1397 · Mar 14, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as problematic has been found in SourceCodester Online Student Management System 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack…

  • CVE-2023-27213 · Mar 9, 2023
    risk 0.00 · cvss · epss 0.01

    Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php.

  • CVE-2023-1099 · Feb 28, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Online Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file eduauth/edit-class-detail.php. The manipulation of the argument editid leads to sql injection. The…

  • CVE-2023-25431 · Feb 28, 2023
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Online Reviewer Management System v1.0. There is an XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php.

  • CVE-2023-1038 · Feb 26, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical has been found in SourceCodester Online Reviewer Management System 1.0. Affected is an unknown function of the file /reviewer_0/admins/assessments/pretest/questions-view.php. The manipulation of the argument id leads to sql injection. It is…

  • CVE-2021-34249 · Feb 24, 2023
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id parameter in application URL.

  • CVE-2022-43082 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.00

    A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter.

  • CVE-2022-43081 · Nov 1, 2022
    risk 0.00 · cvss · epss 0.01

    Fast Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /fastfood/purchase.php.

  • CVE-2022-3671 · Oct 26, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit…

  • CVE-2022-38576 · Sep 19, 2022
    risk 0.00 · cvss · epss 0.01

    Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=.

  • CVE-2022-38268 · Sep 8, 2022
    risk 0.00 · cvss · epss 0.01

    School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/autonumber/index.php?view=edit&id=.

  • CVE-2022-38267 · Sep 8, 2022
    risk 0.00 · cvss · epss 0.01

    School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=.

  • CVE-2022-38260 · Sep 8, 2022
    risk 0.00 · cvss · epss 0.01

    Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=.

  • CVE-2022-38255 · Sep 8, 2022
    risk 0.00 · cvss · epss 0.01

    Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /interview/editQuestion.php.

  • CVE-2022-2685 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input leads to cross…

  • CVE-2022-2679 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT…

  • CVE-2022-31355 · Jun 17, 2022
    risk 0.00 · cvss · epss 0.01

    Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=.

  • CVE-2022-31356 · Jun 17, 2022
    risk 0.00 · cvss · epss 0.01

    Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=.

  • CVE-2022-31357 · Jun 17, 2022
    risk 0.00 · cvss · epss 0.01

    Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=.

  • CVE-2022-31329 · May 31, 2022
    risk 0.00 · cvss · epss 0.01

    Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php.

  • CVE-2022-31328 · May 31, 2022
    risk 0.00 · cvss · epss 0.01

    Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=.

  • CVE-2022-31327 · May 31, 2022
    risk 0.00 · cvss · epss 0.01

    Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/index.php?q=products&id=.

  • CVE-2022-31337 · May 31, 2022
    risk 0.00 · cvss · epss 0.01

    Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=.

  • CVE-2022-31338 · May 31, 2022
    risk 0.00 · cvss · epss 0.01

    Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.

  • CVE-2022-28993 · May 20, 2022
    risk 0.00 · cvss · epss 0.02

    Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request.

  • CVE-2022-28420 · Apr 21, 2022
    risk 0.00 · cvss · epss 0.01

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=.

  • CVE-2022-28423 · Apr 21, 2022
    risk 0.00 · cvss · epss 0.01

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete.

  • CVE-2022-28424 · Apr 21, 2022
    risk 0.00 · cvss · epss 0.01

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=.

  • CVE-2022-28432 · Apr 21, 2022
    risk 0.00 · cvss · epss 0.01

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2.

  • CVE-2022-28431 · Apr 21, 2022
    risk 0.00 · cvss · epss 0.01

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2.

  • CVE-2022-28433 · Apr 21, 2022
    risk 0.00 · cvss · epss 0.01

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=.

  • CVE-2022-28434 · Apr 21, 2022
    risk 0.00 · cvss · epss 0.01

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2.

  • CVE-2022-28435 · Apr 21, 2022
    risk 0.00 · cvss · epss 0.01

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1.

  • CVE-2022-28437 · Apr 21, 2022
    risk 0.00 · cvss · epss 0.01

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3.

  • CVE-2022-28439 · Apr 21, 2022
    risk 0.00 · cvss · epss 0.01

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&action=delete&userid=4.

  • CVE-2021-44090 · Jan 20, 2022
    risk 0.00 · cvss · epss 0.01

    An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter.

  • CVE-2021-44599 · Dec 23, 2021
    risk 0.00 · cvss · epss 0.01

    The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The…

  • CVE-2021-43156 · Dec 22, 2021
    risk 0.00 · cvss · epss 0.01

    In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.

  • CVE-2021-43437 · Dec 20, 2021
    risk 0.00 · cvss · epss 0.01

    In SourceCodester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host…

  • CVE-2021-42671 · Nov 5, 2021
    risk 0.00 · cvss · epss 0.20

    An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server…

  • CVE-2021-42664 · Nov 5, 2021
    risk 0.00 · cvss · epss 0.02

    A Stored Cross Site Scripting (XSS) Vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run JavaScript commands on the web…

  • CVE-2020-36033 · Jul 22, 2021
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php.

  • CVE-2020-19114 · May 5, 2021
    risk 0.00 · cvss · epss 0.02

    SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.

  • CVE-2020-23763 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.02

    SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

  • CVE-2020-35752 · Mar 10, 2021
    risk 0.00 · cvss · epss 0.01

    Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.